Predicting MongoDB ObjectId() continuously in Rocket.Chat
Security researchers at Aikido discovered that Rocket.Chat's use of MongoDB's ObjectId() for file IDs allows unauthenticated attackers to predict and access any uploaded file. The vulnerability, repor…